<br><br><div class="gmail_quote">On Tue, Aug 24, 2010 at 8:11 PM, Igor Stasenko <span dir="ltr"><<a href="mailto:siguctua@gmail.com">siguctua@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><br>
On 25 August 2010 04:39, Eliot Miranda <<a href="mailto:eliot.miranda@gmail.com">eliot.miranda@gmail.com</a>> wrote:<br>
><br>
> Hi Levente,<br>
> essentially correct. The bug was caused by an incorrect asm. Changing<br>
> # define BYTE_SWAP(w) __asm__("bswap %%eax" : "=r" (w) : "r" (w))<br>
> # define WORD_SWAP(w) __asm__("roll $16, %%eax" : "=r" (w) : "r" (w))<br>
> to<br>
> # define BYTE_SWAP(w) __asm__("bswap %0" : "=r" (w) : "r" (w))<br>
> # define WORD_SWAP(w) __asm__("roll $16, %0" : "=r" (w) : "r" (w))<br>
> in platforms/win32/vm/sqWin32Window.c's byte & word image reversal code fixes it. This worked back on 2.95.x because it always chose $eax as the register for the value variable in<br>
> unsigned int value = *srcPixPtr++;<br>
> but gcc 3.x is more devious.<br>
> I've updated svn and will upload a new engine soon.<br>
> thanks,<br>
> Eliot<br>
><br>
</div>Hmm.. interesting, how changing a byte order could cause a crash?<br>
A windows blitter using byte reversal logic when blitting a big-endian<br>
forms on windows GDI (since on windows its little-endian,<br>
it swaps form's bits, then copying bits, and then swaps back again)..<br>
but still i don't understand how this may cause a crash.. it may cause<br>
problems with seeing anything correct on a screen.<br></blockquote><div><br></div><div># define BYTE_SWAP(w) __asm__("bswap %%eax" : "=r" (w) : "r" (w))</div><div><br></div><div>causes $eax to be byte-swapped irrespective of its use. In gcc 3.4.4 and the code in question $eax contained a loop limit which caused an out-of-range memory read.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5"><br>
> On Sun, Aug 22, 2010 at 1:56 PM, Levente Uzonyi <<a href="mailto:leves@elte.hu">leves@elte.hu</a>> wrote:<br>
>><br>
>> Hi,<br>
>><br>
>><br>
>> evaluating [Display newDepth: x] where the value of x is 1, 4, 8 or 16 crashes the VM. No crash dump is written. If x is 2, -1, -2 or -4, then the image informs me that the depth is not available on the system. If x is -8 or -16 then the code works. For the x=16 case gdb shows the following:<br>
>><br>
>> Program received signal SIGSEGV, Segmentation fault.<br>
>> reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272,<br>
>> rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875<br>
>> 1875 unsigned int value = *srcPixPtr++;<br>
>> (gdb) where<br>
>> #0 reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272,<br>
>> rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875<br>
>> #1 0x0043f61a in ioShowDisplay (dispBits=340847780, width=1272, height=745,<br>
>> depth=16, affectedL=0, affectedR=1000, affectedT=0, affectedB=0)<br>
>> at ../platforms/win32/vm/sqWin32Window.c:2324<br>
>> #2 0x00403270 in displayBitsOfLeftTopRightBottom (aForm=-719257650, l=0,<br>
>> t=0, r=1272, b=745) at ../src/vm/gcc3x-cointerp.c:13701<br>
>> #3 0x00405ff9 in fullDisplayUpdate () at ../src/vm/gcc3x-cointerp.c:16777<br>
>> #4 0x0044093a in MainWndProcW (hwnd=0xf05f6, message=15, wParam=0, lParam=0)<br>
>> at ../platforms/win32/vm/sqWin32Window.c:447<br>
>> #5 0x75fef8d2 in USER32!GetMessageW ()<br>
>> from /cygdrive/c/Windows/system32/user32.dll<br>
>> #6 0x75fef794 in USER32!GetWindowLongW ()<br>
>> from /cygdrive/c/Windows/system32/user32.dll<br>
>> #7 0x004403dc in sqLaunchDrop ()<br>
>> at ../platforms/win32/vm/sqWin32Window.c:2773<br>
>> #8 0x75ff0817 in USER32!ReleaseDC ()<br>
>> from /cygdrive/c/Windows/system32/user32.dll<br>
>> #9 0x75ff0a65 in USER32!GetWindowThreadProcessId ()<br>
>> from /cygdrive/c/Windows/system32/user32.dll<br>
>> #10 0x776a99ce in ntdll!LdrEnumResources ()<br>
>> from /cygdrive/c/Windows/system32/ntdll.dll<br>
>> #11 0x00ace008 in ?? ()<br>
>> #12 0x00000018 in ?? ()<br>
>> ---Type <return> to continue, or q <return> to quit---<br>
>> #13 0x00ace058 in ?? ()<br>
>> #14 0x776a9980 in ntdll!LdrDisableThreadCalloutsForDll ()<br>
>> from /cygdrive/c/Windows/system32/ntdll.dll<br>
>> #15 0x0204c1d8 in ?? ()<br>
>> #16 0x0000000f in ?? ()<br>
>> #17 0x00000000 in ?? ()<br>
>> (gdb) info registers<br>
>> eax 0xd520ffce -719257650<br>
>> ecx 0x3 3<br>
>> edx 0x0 0<br>
>> ebx 0x1f4 500<br>
>> esp 0xacd5b4 0xacd5b4<br>
>> ebp 0x0 0x0<br>
>> esi 0x1511a000 353476608<br>
>> edi 0x1511a000 353476608<br>
>> eip 0x43ed0c 0x43ed0c <reverse_image_words+353><br>
>> eflags 0x10216 [ PF AF IF RF ]<br>
>> cs 0x1b 27<br>
>> ss 0x23 35<br>
>> ds 0x23 35<br>
>> es 0x23 35<br>
>> fs 0x3b 59<br>
>> gs 0x0 0<br>
>><br>
>> It may be a compiler bug, because the 4.0.2 SqueakVM doesn't have this issue. It's a bit suspicious that depth is 0 here:<br>
>> #0 reverse_image_words (dst=0x1450eca4, src=0x1450eca4, depth=0, width=1272,<br>
>> rect=0x561e60) at ../platforms/win32/vm/sqWin32Window.c:1875<br>
>> but the value of depth is known at compilation time (16), so it may be some compiler "magic".<br>
>> Here are the values of the variables in the method:<br>
>> (gdb) p dst<br>
>> $2 = (unsigned int *) 0x1450eca4<br>
>> (gdb) p src<br>
>> $3 = (unsigned int *) 0x1450eca4<br>
>> (gdb) p depth<br>
>> $4 = 0<br>
>> (gdb) p width<br>
>> $5 = 1272<br>
>> (gdb) p rect<br>
>> $6 = (RECT *) 0x561e60<br>
>> (gdb) p rect->left<br>
>> $7 = 0<br>
>> (gdb) p rect->right<br>
>> $8 = 1000<br>
>> (gdb) p rect->top<br>
>> $9 = 0<br>
>> (gdb) p rect->bottom<br>
>> $10 = 745<br>
>> (gdb) p pitch<br>
>> $11 = 353476608<br>
>> (gdb) p first<br>
>> $12 = 3<br>
>> (gdb) p last<br>
>> No symbol "last" in current context.<br>
>> (gdb) p nWords<br>
>> $13 = 500<br>
>> (gdb) p delta<br>
>> $14 = 0<br>
>> (gdb) p yy<br>
>> $15 = 0<br>
>> (gdb) p srcPixPtr<br>
>> $16 = (DWORD *) 0x1511a000<br>
>> (gdb) p dstPixPtr<br>
>> $17 = (DWORD *) 0x1511a000<br>
>> (gdb) p i<br>
>> $18 = -719257650<br>
>> (gdb) p value<br>
>> $19 = 0<br>
>><br>
>><br>
>> Cheers,<br>
>> Levente<br>
><br>
><br>
><br>
<br>
<br>
<br>
</div></div><font color="#888888">--<br>
Best regards,<br>
Igor Stasenko AKA sig.<br>
</font></blockquote></div><br>